root@debian:~$ dpkg --get-selections > /root/package-selections
wiki.debian.org
Tag: debian
Remove packages that are no longer needed
user@ubuntu:~$ sudo apt-get autoremove
help.ubuntu.com
Executing Linux commands in the background using screen
The screen command allows you to detach a running process from a session and then reattach it at a later time. Its use is simple:
user@debian:~$ screen yourlinuxcommand
Now that yourlinuxcommand is executing, press Ctrl+A followed by D to detach the screen.
Obtain a list of all the running screen processes:
user@debian:~$ screen -ls
There is a screen on:
18470.pts-0.server(02/03/14 10:03:43) (Detached)
1 Socket in /var/run/screen/S-user.
Note the screen id in the above output. Use the screen id to reattach the session at anytime:
user@debian:~$ $ screen -r 18470.pts-0.server
The Debian Administrator’s Handbook
“We wanted the book to be freely available (that is under the terms of a license compatible with the Debian Free Software Guidelines of course). There was a condition though: a liberation fund had to be completed to ensure we had a decent compensation for the work that the book represents. This fund reached its target of €25K in April 2012.” Raphaël Hertzog and Roland Mas hope that you will enjoy the book.
debian-handbook.info
Windows applications making GRUB 2 unbootable
“We need to defend ourselves against the predatory practices of some companies making us look bad: a relatively small number of people do enough detective work to realise that it’s the fault of a particular Windows application, but many more simply blame our operating system because it won’t start any more.” Debian developer Colin Watson asks for your help in an effort to mitigate the problems caused by antifeatures built into Windows software that result in broken Windows/Linux double-boot systems.
www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom
Ubuntu Linux is for everyone
Ubuntu is a relatively new flavour of Linux. Since the release of ‘Warty Warthog’ in October 2004, it has become the most popular Linux distribution worldwide. Similar to its parent, Debian GNU/Linux, Ubuntu is based entirely on free software. It inherits outstanding package management and provides one-click access to thousands of downloadable applications.
Ubuntu can be installed as an application inside an existing Windows installation. This provides new users with a great opportunity to try Ubuntu at no risk to their existing setup. Ubuntu 8.10 (Intrepid Ibex) is the latest version and available for download from today.
www.unbuntu.com
Samba as a file server
Samba enables Linux to speak the Server Message Block (SMB) protocol, which is also used by Windows and Mac OS X to exchange data over a network. Get the necessary packages with the following command:
user@ubuntu:~$ sudo apt-get install swat netkit-inetd
For an initial configuration, edit the file /etc/samba/smb.conf to contain the following entries:
[global]
workgroup = SAMBA
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0640
directory mask = 0750
browseable = No
Continue by adding local users to the smbpasswd file:
user@ubuntu:~$ sudo smbpasswd -a user
Restart the Samba server with the following command:
user@ubuntu:~$ sudo /etc/init.d/samba restart
The server ubuntu now joins the SAMBA workgroup, giving users who have been added to the smbpasswd file access to their respective home directories.
Using SWAT
Using the Samba Web Administration Tool (SWAT), you can access help, obtain status information and change the configuration of your Samba server. Use a web browser to access http://localhost:901/ and log in as the local root user. In principle, SWAT can also be reached from other machines on your local network. However, such connections are vulnerable to password sniffing because of the clear text protocol that SWAT uses to authenticate users.
www.samba.org, copia.ogbuji.net
Setting the time zone
Set the local time zone with the following command:
user@ubuntu:~$ sudo tzconfig
Thoughts on moving from Debian to Ubuntu Server
“If Canonical keeps its update schedule and support commitments along with the legendary Debian robustness, we may have a keeper.” Staff at Advosys Consulting are considering Ubuntu for entirely practical reasons.
www.advosys.ca
Public/private key authentication with SSH
Updated 09/10/2016
SSH is a protocol that enables secure logins over a network. It supports the use of asymmetric encryption for user authentication. Private keys are kept locally, while public keys are stored on the remote machine.
On the local machine
Use the following command to generate a new key pairs for the local user schmidt:
schmidt@exhaustpiano:~$ ssh-keygen -t ed25519 -o -a 100
schmidt@exhaustpiano:~$ ssh-keygen -t rsa -b 8192 -o -a 100
Use an appropriate passphrase to secure the private key (don’t be tempted to use an empty passphrase).
Deploy the public key with the following command:
schmidt@exhaustpiano:~$ ssh-copy-id schmidt@pizzaposition
On the remote machine
Delete any unused host keys with the following command:
root@pizzaposition:~$ rm /etc/ssh/ssh_host_dsa_key* /etc/ssh/ssh_host_ecdsa_key* /etc/ssh/ssh_host_rsa_key*
Create the group ssh-users with the following command:
root@pizzaposition:~$ addgroup --system ssh-users
Add the local user schmidt to the group ssh-users:
root@pizzaposition:~$ adduser schmidt ssh-users
Make the following changes in sshd_config to improve on the default configuration:
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# Specify allowed key exchange algorithms
KexAlgorithms curve25519-sha256@libssh.org
# Specify the ciphers allowed for protocol version 2
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
# Specifiy the available MAC (message authentication code) algorithms
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
# Logging
LogLevel VERBOSE
# Authentication:
AllowGroups ssh-users
LoginGraceTime 20
PermitRootLogin no
MaxAuthTries 1
RSAAuthentication no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
ClientAliveInterval 15
MaxStartups 3:60:20
UsePAM no
UseDNS no
Restart the SSH server on the remote machine with the following command:
root@pizzaposition:~$ systemctl restart ssh.service
Setting these options will make root logins impossible. Only users belonging to the group ssh-users may establish a connection. Access is strictly tied to the private key and the passphrase used to encrypt it. Using the private key stored on exhaustpiano, local user schmidt should now be able to remotely log into pizzaposition:
schmidt@exhaustpiano:~$ ssh pizzaposition
Enter passphrase for key '/home/schmidt/.ssh/id_ed25519':
Last login: Sun Oct 9 15:51:15 2016 from 12.34.56.78
schmidt@pizzaposition:~$
For more in-depth information, please see stribika’s post-Snowden advice on hardening OpenSSH server installations.
stribika.github.io
The book SSH The Secure Shell by Daniel Barrett, Richard Silverman and Robert Byrnes is still useful today and has information on other clever stuff you can do with SSH.
I did not come up with exhaustpiano and pizzaposition. The NSA Name Generator did.